Twitter knocked offline by DDoS attack; Koobface returns with a twist


Popular microblogging service Twitter was knocked offline for an extended period this morning by what appears to be a massive distributed denial-of-service attack.

Twitter confirmed the outage was linked to malicious attackers in a brief status message posted around 11:00 a.m. EST.

We are defending against a denial-of-service attack, and will update status again shortly.

Update: the site is back up, but we are continuing to defend and recover from this attack.

Here's a chart from Arbor Networks showing how the DDoS attack affected Twitter:

The denial-of-service attack coincides with the launch of a new Koobface malware run using Twitter messages as a distribution vector for fake security software (scareware).

According to Kaspersky Lab's Stefan Tanase (see important disclosure), the new wave of Koobface attacks includes a change in tactics.  The hackers are now using a well-designed Facebook lookalike page and unique Twitter messages to trick Windows users into downloading scareware programs.

This Twitter Search shows examples of the attacks underway.

A user clicking on a malicious link in Twitter is presented with a fake Facebook page with what purports to be an embedded video file.

The target is presented with an Adobe Flash Player upgrade message but this too is fake and dangerous. If the user attempts to apply the Flash Player update, the machine is infected with rogue security software that badgers the user into paying for a disinfection tool.

The latest wave of Koobface links is bypassing the Google Safe Browsing API that Twitter now uses to filter out malicious links.

This week everyone's been talking about how Twitter started to use the Google Safebrowsing API to block tweets containing malicious URLs. It is definitely going to stop some attacks, but as we're seeing with the current attack, it won't eradicate the problem completely. It's clearly a step forward, but a single swallow doesn't make a summer.

Kaspersky's Tanase has identified about 100 unique IP addresses hosting Koobface malware executables.

Facebook and FriendFeed were also suffering through minor outages this morning.  It is not yet clear if this is related to Twitter's problems.


Talkback

15 comments
  • Facebook also having issues

    I can't play Mafia Wars what to do now! LOL
    Randalllind
    • Play Bejeweled instead? :p

      :)
      Loverock Davidson
  • No no, they were selling a product that was uncovered as a scam!

    It was on the news last night. They are getting their stupid people stupid back to people people; again.
    Thomas Rippley
  • RE: Twitter knocked offline by DDoS attack; Koobface returns with a twist

    Does not appear to be related.
    RStiennon
  • Withdrawal for the Twitter Addicts

    It must have been a horror show - no tweats for hours - what did they do? How would they know if Ashton Kindergarten went to the mall? Ahhh!
    jpr75_z
  • RE: Twitter knocked offline by DDoS attack; Koobface returns with a twist

    Are you still thinking it's Koobface or did its update just coincide with what others are thinking was a targeted attack on a particular blogger? The blogger had pages on Facebook and LiveJournal, and they've been saying he appears to be the target?

    Just curious if you had any new information.
    BethJones,SophosLabs
  • RE: Twitter knocked offline by DDoS attack; Koobface returns with a twist

    LOL
    I never did like twitter
    vaughanm
  • Prison Food?

    Suggesting 'Hospital Food' for these corrupt individuals may be a bit excessive, but prison food would suit them down to the ground. Free board and lodging thrown in!... How do these 'scareware' merchants collect their money? Surely they don't ask their victims to leave the money in 'used notes' in a dead-letter-box? It should not be too much of a problem to trace the payments. Follow the money! Then book the culprits into prison.
    Brother Martin de Porres
  • RE: Twitter knocked offline by DDoS attack; Koobface returns with a twist

    Not surprised. At least Twitter and Facebook have something else in common. :)
    Capt_Sparky
  • RE: Twitter knocked offline by DDoS attack; Koobface returns with a twist

    wow, move on, (was it that hacker that hacked twitter before??
    rylee-ann
  • YEAH!!! It's About Time Those Guys Got Twitter!

    Celebrate! Celebrate! Dance to the silence!
    Q_Tips
  • No news here. Apple updates done. Fixed. EOS! (NT)

    NT
    No More Microsoft Software Ever!
    • Does the same logic apply to MS?

      Because when I patched Windows, and Conficker took advantage of the already patched vulnerability (on unpatched systems), I was told that Windows is insecure and MS was to blame. So I am just wondering whether your logic also applies to that case.

      Thanks!
      Qbt
  • RE: Twitter knocked offline by DDoS attack; Koobface returns with a twist

    Great!!! thanks for sharing this information to us!
    birumut